We have a new IETF draft for OAuth v2.1, Authorization Framework. It's not radically different from 2.0, but does have the latest security best practices built-in by design. Aaron Parecki hada great blog post explaining the rationale behind the update.
The main changes for your dev teams to be aware of are:
Proof Key for Code Exchange (PKCE) is now required for authorization code grant.
Exact matching is required for redirect URIs.
Refresh tokens are now sender-constrained or one-time use only.
Implicit grant and Resource Owner Password Credentials grant have been removed.
Bearer tokens in query parameters are no longer allowed.